Having trouble opening the browser authorization URL to retrieve authorization code

[wmLowry]

I'm running this code in my server.js:

let authUrl = ebayAuthToken.generateUserAuthorizationUrl('PRODUCTION', scopes, options);
    authUrl = authUrl.split(" ")
    res.redirect(authUrl[0]);

But I keep getting this error in my console:

Access to XMLHttpRequest at 'https://auth.ebay.com/oauth2/authorize?client_id=---CLIENT-ID---&response_type=code&scope=https://auth.ebay.com/oauth2/authorize?client_id=---CLIENT-ID---&response_type=code&redirect_uri=---REDIRECT-URI---=https://api.ebay.com/oauth/api_scope' (redirected from 'https://localhost:3000/ebay-user-auth') from origin 'https://localhost:3000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I switched out my client IDs and the URI with placeholders. I am using Express js but not AJAX.

Any ideas on how to fix this error?

[sohail-khalil]

I'm having the same issue. Any help?

[wmLowry]

I'm having the same issue. Any help?

I'm not having any luck on my end. What confuses me is getting the value for the 'code' parameter for this function:

// Exchange Code for Authorization token
ebayAuthToken.exchangeCodeForAccessToken( 'PRODUCTION', code ).then((data) => { // eslint-disable-line no-undef
console.log(data);
}).catch((error) => {
console.log(error);
console.log( Error to get Access token :${JSON.stringify(error)} );
});

I understand that it's supposed to come from the Authorization URL after the user gives permission, but I have no clue on how to capture that value.

[sohail-khalil]

any update on this?

[planetmall]

Look into using Cors.

https://www.npmjs.com/package/cors

If you have trouble let me know I was able to get up and running with this library and would be happy to help.

[seifer7]

I'm having the same issue. Any help?

I'm not having any luck on my end. What confuses me is getting the value for the 'code' parameter for this function:

// Exchange Code for Authorization token ebayAuthToken.exchangeCodeForAccessToken( 'PRODUCTION', code ).then((data) => { // eslint-disable-line no-undef console.log(data); }).catch((error) => { console.log(error); console.log( Error to get Access token :${JSON.stringify(error)} ); });

I understand that it's supposed to come from the Authorization URL after the user gives permission, but I have no clue on how to capture that value.

This looks like bad design by eBay.
As far as I can tell, the only way you can capture the code (authorization code) is by having a HTTP server set up to accept the redirect that eBay does after the user consents via the Authorization URL.
eBay passes the code to you as a URL parameter (GET request) appended to your configured Accepted URL.

So, if you are working on a platform that does not provide a way to accept HTTP requests you have to set up a separate server to do so, and on that server cache the code and then from your app platform you then query your separate server and ask it for the code that was passed to it.

This is absolutely absurd.

eBay's old Auth'n'Auth dealt with this nicely be implementing the "separate server" (described above) as a API function call FetchToken.

TO eBay API Developers

Please weigh in here, is there a new FetchToken method for those of us that want to use the new APIs / OAuth authentication?

[spatial25]

I was able to get through the token complications. You're going to need a landing page for ebay to redirect after a user clicks to authorize the exchangeCodeForAccessToken. The URI and where to place the success URL is on the developer.ebay.com account option under the user name in the menu bar. It will be found under the Get a Token from eBay via Your Application option. Here is my code for accessing the ebay redirect page that will redirect to another page of mine.

app.get('/oauth/ebay/redirect', (req, res) => {
			var display =	ebayAuthToken.generateUserAuthorizationUrl('SANDBOX', scopes, { prompt: 'login', state: 'custom-state-value' });

			console.log(display)
			res.redirect(display)
});

This goes to the consent page that will redirect to the success page url that is placed under the "Get a Token from eBay via Your Application" option in the developers.ebay.com site. The access code will be the response code in the URL and I have another page to sort the json data. eBay token application only supports https routing, so it can still work using port :443 with an ip without an ssl until you get one. My landing page is https//ip-addr:443/acceptURL.php? and it goes to this while the node server is up.

app.get('/oauth/ebay/auth', ( req, res,) => {

## we get redirected to the page on our server and code is in the return URL. call it with req.query.code##
  var code = req.query.code;

      var exchange = ebayAuthToken.exchangeCodeForAccessToken('SANDBOX', code).then((data) => { 
            var parsedData1 = JSON.parse(data);
            console.log(parsedData1); ##all data

##separated for URL redirect
            var access_token = parsedData1.access_token;
            var refresh_token = parsedData1.refresh_token;

            var url = '/oauth/ebay/refresh?access_token=' + access_token + '&refresh_token=' + refresh_token;
##redirects to a page for the refresh token variable. 
            res.redirect(url);
      }).catch((error) => {
          console.log(`Error to get Access token :${JSON.stringify(error)}`);
      })
});

I had problems here with using the redirect url variables. It would only print some beginning characters of them.

app.get('/oauth/ebay/refresh', ( req, res) => {

    var access_token = req.query.access_token;
    var refresh_token= req.query.refresh_token;

        console.log(refresh_token);
        console.log(access_token);
});

I hope this can help. I was able to get the consent page through, access_code, and refresh_tokens and am working on headers.

Update: Roadblock on ebay servers if I am doing it right. I tried without the authorization header and got an oauth2 header so there was a change in response.